dexter has uploaded this change for review.

suci-tutorial: add section about SUCI calculation by the USIM

The tutorial describes how SUCI calculation in the UE is configured,
let's now add a section about SUCI calculation by the USIM.

Related: OS#6531
Change-Id: I45d47f9278b30d99ebde6891de0ba8cc74b1a0a0
---
M docs/suci-tutorial.rst
1 file changed, 51 insertions(+), 0 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/47/37947/1
diff --git a/docs/suci-tutorial.rst b/docs/suci-tutorial.rst
index 60d2190..3dc183a 100644
--- a/docs/suci-tutorial.rst
+++ b/docs/suci-tutorial.rst
@@ -193,3 +193,54 @@
whole modem shutting 5G down. If you don’t need SUCI concealment but the
smartphone refuses to connect to any 5G network, try to disable the UST
service 124.
+
+SUCI calculation by the USIM
+----------------------------
+
+The SUCI calculation can also be performed by the USIM application on the UICC
+directly. The UE then uses the GET IDENTITY command (see also 3GPP TS 31.102,
+section 7.5) to retrieve a SUCI value.
+
+The sysmoISIM-SJA5-S17 *SUCI calculation by the USIM*. The configuration is not
+much different to the above described configuration of *SUCI calculation in the
+UE*.
+
+The main difference is how the key provisioning is done. When the SUCI
+calculation is done by the USIM, then the key material is not accessed by the
+UE. The specification (see also 3GPP TS 31.102, section 7.5.1.1), also does not
+specifiy any file or file format to store the key material. This means the exact
+way to perform the key provisioning is an implementation detail of the USIM
+card application.
+
+In the case of sysmoISIM-SJA5-S17 the key material is stored in EF.SUCI_Calc_Info,
+which is located in DF.SAIP instead of DF.5GS
+
+::
+
+ pySIM-shell (00:MF)> select MF
+ pySIM-shell (00:MF)> select ADF.USIM
+ pySIM-shell (00:MF/ADF.USIM)> select DF.SAIP
+ pySIM-shell (00:MF/ADF.USIM/DF.5GS)> select EF.SUCI_Calc_Info
+
+The file format is exactly the same as specified in 3GPP TS 31.102, section
+4.4.11.8. This means the above described key provisioning procedure can be
+applied without any changed, except that the file location is different.
+
+To signal to the UE that the USIM is setup up for SUCI calculation, service
+125 must be enabled as well (see also 3GPP TS 31.102, section 5.3.48)
+
+::
+ pySIM-shell (00:MF/ADF.USIM/EF.UST)> ust_service_activate 124
+ pySIM-shell (00:MF/ADF.USIM/EF.UST)> ust_service_activate 125
+
+To verify that the SUCI calculation works as expected, it is possible to issue
+a GET IDENTITY command using pySim-shell:
+
+::
+ select ADF.USIM
+ get_identity
+
+The USIM should then return a SUCI TLV Data object that looks like this:
+
+::
+ SUCI TLV Data Object: 0199f90717ff021b027a2c58ce1c6b89df088a9eb4d242596dd75746bb5f3503d2cf58a7461e4fd106e205c86f76544e9d732226a4e1
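
Review bot: In the first pySim-shell listing, the prompt on the last line still reads `(00:MF/ADF.USIM/DF.5GS)>` although the preceding command is `select DF.SAIP`, which contradicts the sentence above it stating that the file lives in DF.SAIP instead of DF.5GS; the prompt should read `(00:MF/ADF.USIM/DF.SAIP)>`. The three later `::` markers (before the `ust_service_activate`, `get_identity` and SUCI TLV listings) are followed directly by the indented lines, unlike the first one, so add a blank line after each to get them rendered as literal blocks. The sentence "The sysmoISIM-SJA5-S17 *SUCI calculation by the USIM*." is missing its verb (presumably "supports"). Typos to fix in the same pass: "specifiy", "without any changed", "setup up", and the missing full stops after "DF.5GS" and "section 5.3.48". The `get_identity` listing also omits the pySIM-shell prompt that the other listings show; consider adding it for consistency.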

Gerrit-MessageType: newchange
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I45d47f9278b30d99ebde6891de0ba8cc74b1a0a0
Gerrit-Change-Number: 37947
Gerrit-PatchSet: 1
Gerrit-Owner: dexter <pmaier@sysmocom.de>